(no title)
copsarebastards | 10 years ago
We're talking about different things because you missed my point a few posts ago when I said that the problem it solves is "how do we (a big company) get smaller companies to outsource as much of their user data as possible to us". User lists are data.
> Some provide it to make it easier for their users to login
If that's their goal, they're failing to achieve it. OAuth requires more steps than a simple username/password signup form, including going to a completely different site to give permission to log in with your data. Google/Facebook/etc. and other OAuth providers aren't stupid: they know that's not a good solution to that problem. If they really wanted to solve that problem they'd write a login library (something like Reddit's signup/login system) which would solve that problem better. The reason OAuth isn't implemented that way is that the goal of OAuth is not to make it easier to sign up and log in.
> Most see it as a benefit for their users to only use one login.
There is nothing that stops users from using one login everywhere; OAuth does not aid this in any way. I use the same login on all the sites where I don't care about the security of my account.
You have yet to make any compelling argument that users or sites which use OAuth are gaining any benefit from OAuth. The only people who benefit from OAuth are OAuth providers.
testrun|10 years ago
I am not making a compelling argument for or against OAuth. My point is that you do not understand how OAuth works. The user is already a user of the OAuth provider. The outsourcing is not decided by the Oauth provider, it is decided by the site owner, and it is the user that decides to use this option or not.
And as stated above, this post is saying that the method stinks.